Re: FC6T1 avc denied messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-06-26 at 11:34 -0400, Stephen Smalley wrote:
> On Sun, 2006-06-25 at 13:19 -0500, Jay Cliburn wrote:
> > I installed FC6T1 in the last day or two, and I'm seeing lots of
> > avc:denied messages when something tries to access the network.  The
> > common thread seems to be netif.  SELinux is enforcing.
> > 
> > I relabeled with:
> > setfiles /etc/selinux/targeted/contexts/files/file_contexts /
> > but the problem persists.
> > 
> > [root@gadwall etc]# grep "avc:  denied" /var/log/messages | more
> > Jun 25 04:12:39 gadwall kernel: audit(1151226759.322:28): avc:  denied  { send } for  pid=4327 comm="local" saddr=127.0.0.1 src=32769 daddr=127.0.0.1 dest=512 netif=lo scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
> <snip>
> 
> What policy do you have?  rpm -q selinux-policy
> Latest policy should include those permissions.
> 

[jcliburn@gadwall ~]$ uname -r
2.6.17-1.2307_FC6
[jcliburn@gadwall ~]$ rpm -q selinux-policy-targeted
selinux-policy-targeted-2.3.1-1

For now, I've fallen back to Permissive mode so SMTP traffic and
process-based DNS lookups work (e.g., cupsd); they won't work in
Enforcing mode.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux